taking pointer out of bounds nicely

**baray98** · 18th October 2007, 00:49

I am trying to guard my apps not to crush when my pointers are out bounds
here is what i did

Qt Code:

Switch view

bool MyClass::isValid(void)
{
    bool bOutofBounds = false;
    t_TimeRecordHeader* ptrTimeHeader =  locateTimeRecordHeader(); // will give me a pointer to my time record which contian my checksum
    uint16 checksum = ptrTimeHeader->timCheckSum;
    uint16 calChecksum = 0;
    uint16 sum = 0;
    uint8* ptrData = (uint8*) &ptrTimeHeader->sysTimeHigh;
    for (int i = 0; i < (timeBlkSize() - 2) ; i++, ptrData++)
    {
        try
        {
            sum = sum + (uint16)*ptrData;
        }
        catch (...)
        {
          bOutofBounds = true;   // hoping i could catch any exeption
          break;
        }
    }
    calChecksum = sum;
    sum = sum + checksum;
    if (bOutofBounds)  // in the event of an exeption where ptrData is really far (outofbounds) this will never get executed this puzzled me?
    {
        m_ErrorString = tr("Detected checksum pointer of Bounds");
        return false;
    }
    if (sum)
    {
        m_ErrorString = tr("Detected Checksum Error in Frame's Time Record\n Recorded: %1\n Calculated %2")
                        .arg(checksum).arg(calChecksum);
        return false;
    }
    return true;
}

bool MyClass::isValid(void)
{
    bool bOutofBounds = false;
    t_TimeRecordHeader* ptrTimeHeader =  locateTimeRecordHeader(); // will give me a pointer to my time record which contian my checksum
    uint16 checksum = ptrTimeHeader->timCheckSum;
    uint16 calChecksum = 0;
    uint16 sum = 0;
    uint8* ptrData = (uint8*) &ptrTimeHeader->sysTimeHigh;
    for (int i = 0; i < (timeBlkSize() - 2) ; i++, ptrData++)
    {
        try
        {
            sum = sum + (uint16)*ptrData;
        }
        catch (...)
        {
          bOutofBounds = true;   // hoping i could catch any exeption
          break;
        }
    }
    calChecksum = sum;
    sum = sum + checksum;
    if (bOutofBounds)  // in the event of an exeption where ptrData is really far (outofbounds) this will never get executed this puzzled me?
    {
        m_ErrorString = tr("Detected checksum pointer of Bounds");
        return false;
    }
    if (sum)
    {
        m_ErrorString = tr("Detected Checksum Error in Frame's Time Record\n Recorded: %1\n Calculated %2")
                        .arg(checksum).arg(calChecksum);
        return false;
    }
    return true;
}

To copy to clipboard, switch view to plain text mode

is this right or wrong , please enlightened me

baray98

**wysota** · 20th October 2007, 22:56

I've been reading your post over and over and I think I still don't understand it. What exactly are you trying to do? If you read a chunk of memory which is not allocated by your application, it will either not crash at all (and you'll receive garbage) or it will crash without throwing any exceptions because the operating system will kill it because of a page fault. So I'm not sure what you are trying to do, but most likely it won't work.

You can use some memory patrolling tools (like Valgrind for Linux) to inspect whether you are reading/writing past the chunk boundaries so that you can correct your code.

**baray98** · 21st October 2007, 00:10

here is my story

my app is trying to read a datafile. this file is divided into frames and each frames contiains its length and checksum of the frame.

so i read a frame into a memory and check its validity before anything else.

i noticed that if i have an invalid frame checking the checksum will sometimes crash. i found that this is due to the fact that the length is invalid so i ended up reading memory out of my area.

what i want to know is that HOW CAN I PROTECT MY APPS FROM THIS SCENARIO?

i thought i could use try and catch but if it won't give any exception as you said, then there must some other way...

please enlightened me
baray98

**wysota** · 21st October 2007, 00:31

Can't you note the size of the frame and not read more? You might for example fill all the bytes from where you copy the frame to with zeroes (provided that zero can't be seen inside the frame, use some other symbol otherwise) and then check the input (after writing the frame) for the character and stop reading if you spot it?

Basically if you know the frame length and you see that the frame is shorter, you can ignore it instantly without checking the checksum.